From cf924624c861aed89adc7cd22aa66314c41a9c3f Mon Sep 17 00:00:00 2001
From: Arne Teuke
Date: Tue, 23 Apr 2019 21:29:11 +0200
Subject: [PATCH] moves execs to selinux
---
 manifests/main/exec.pp | 45 -------------------------------------
 manifests/main/service.pp | 2 +-
 manifests/selinux/config.pp | 17 ++++++++++++++
 3 files changed, 18 insertions(+), 46 deletions(-)
 delete mode 100644 manifests/main/exec.pp
diff --git a/manifests/main/exec.pp b/manifests/main/exec.pp
deleted file mode 100644
index c8be60e..0000000
--- a/manifests/main/exec.pp
+++ /dev/null
@@ -1,45 +0,0 @@
-## cd_nrpe::main::exec.pp
-# Module name: cd_nrpe
-# Author: Arne Teuke (arne_teuke@ConfDroid.com)
-# # License:
-# This file is part of cd_nrpe.
-#
-# cd_nrpe is used for providing automatic configuration of NRPE.
-# Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com)
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-# @summary Class manages execs for cde_nrpe.
-##############################################################################
-class cd_nrpe::main::exec (
-
-) inherits cd_nrpe::params {
-
- require cd_nrpe::main::files
-
- # create policy file fpr sudo selinux policy
- exec { 'create_nrpe_pp':
- command => template($ne_checkmodule_nrpe_erb),
- user => 'root',
- creates => $ne_nrpe_pp_file,
- refreshonly => true,
- notify => Exec['import_semodule_nrpe'],
- }
-
- # import semodule
- exec { 'import_semodule_nrpe':
- command => template($ne_semodule_erb),
- user => 'root',
- unless => '/sbin/semodule -l | grep nrpe | grep -v nrpe_',
- refreshonly => true,
- }
-}
diff --git a/manifests/main/service.pp b/manifests/main/service.pp
index d31477a..5669ca4 100644
--- a/manifests/main/service.pp
+++ b/manifests/main/service.pp
@@ -28,7 +28,7 @@ class cd_nrpe::main::service (
 require cd_nrpe::firewall::iptables
 }
- require cd_nrpe::main::exec
+ require cd_nrpe::main::files
 if $ne_manage_cmds == true {
 require cd_nrpe::commands::definition_rules
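Review bot: The service class no longer has any visible ordering against `create_nrpe_pp` and `import_semodule_nrpe`: the new `require cd_nrpe::main::files` line orders the files class first, but the execs now live in cd_nrpe::selinux::config. If that class is not already required above line 28 (outside this hunk), the service may be managed before the sudo policy module is loaded, and checks that depend on it could be denied by SELinux until a later run. A conditional require of cd_nrpe::selinux::config, placed next to the existing `require cd_nrpe::firewall::iptables` block, would restore the order. The class body starts and ends outside the hunk, so this needs checking against the full file.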
diff --git a/manifests/selinux/config.pp b/manifests/selinux/config.pp
index ee0200b..6688765 100644
--- a/manifests/selinux/config.pp
+++ b/manifests/selinux/config.pp
@@ -33,5 +33,22 @@ class cd_nrpe::selinux::config (
 cwd => '/tmp',
 unless => 'getsebool nagios_run_sudo | awk \'{print$3}\' | grep -ic "on"'
 }
+
+ # create policy file for sudo selinux policy
+ exec { 'create_nrpe_pp':
+ command => template($ne_checkmodule_nrpe_erb),
+ user => 'root',
+ creates => $ne_nrpe_pp_file,
+ refreshonly => true,
+ notify => Exec['import_semodule_nrpe'],
+ }
+
+ # import semodule
+ exec { 'import_semodule_nrpe':
+ command => template($ne_semodule_erb),
+ user => 'root',
+ unless => '/sbin/semodule -l | grep nrpe | grep -v nrpe_',
+ refreshonly => true,
+ }
 }
 }
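Review bot: Both moved execs keep `refreshonly => true`, but the `require cd_nrpe::main::files` from the deleted cd_nrpe::main::exec class did not move with them, and nothing in this hunk notifies `create_nrpe_pp`. Unless the part of cd_nrpe::selinux::config above line 33 (outside this hunk) orders the files class first and some resource sends the refresh, the policy module may never be compiled or imported, or the command may run before its input exists. I would carry `require cd_nrpe::main::files` over into this class, provided that does not create a dependency cycle, and add a comment naming the resource that is expected to trigger `create_nrpe_pp`. Separately, the `unless` guard on `import_semodule_nrpe` accepts any listed module whose name merely contains `nrpe`, so an unrelated module can make the policy look installed. A word match such as `/sbin/semodule -l | grep -qw nrpe` is stricter, assuming the module is named exactly nrpe.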